- cross-posted to:
- programming@beehaw.org
- programming@lemmy.ml
- cross-posted to:
- programming@beehaw.org
- programming@lemmy.ml
Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
I think it’s unreasonable to complain that the guy is not working enough for free.
I think it’s reasonable to alert people that rsync is not being properly maintained anymore and to seek alternatives.
I would prefer the maintainer to announce publicly that he can’t maintain the project anymore and is looking for help/someone to take over instead of breaking the project silently.
But where will the maintainers for these alternatives come from, when barely anybody has stepped up in the 30 years of rsync’s existence? Your comment implies that tridge didn’t call for help before, which is far from the truth.
This is thankless maintenance on critical software, not some *-arr toy project for hobbyist self-hosters.
Universal Healthcare would increase the pool of willing developers by an order of magnitude here.
No disagreement here but I’m not sure that’s on the menu right now
Either Universal Healthcare is on the menu or society falls apart, pick one.
Oh man I’m like super agreeing with you. Also I’m in a place that actually has universal healthcare, so it’s not like it’s unworkable
I’m not so sure. The problem is not a lack of developers. The problem is a lack of developers interested in working on rsync, or on any other specific project you can name. Most developers would rather work on their own projects.
I would also question whether or not universal healthcare (though unquestionably a good thing) would actually result in such an increase in available developers. The following study looked at the geographical distribution of OSS developers in 2021, via Github contributions, and found that the US had a similar number of OSS developers per capita compared to similar countries that do have universal healthcare (see table 2):
https://www.sciencedirect.com/science/article/pii/S0040162522000105
Github and the whole culture that it came out of it used to (it feels sooooo good to say that in the past tense) be globally hinged on Silicon Valley, why would you not expect to see a anomalously high number of US developers on it?
That’s definitely a possibility, along with the possibility that countries with worse English language skills might be underrepresented on GitHub, despite having universal healthcare. Conversely, if the US is over-represented on GitHub, then the pool of US developers who are not already active on GitHub may also be depleted compared to other countries. However, that is not something we can read out of the available evidence.
The most we can conclude is probably that the US getting universal healthcare might result in an increase in available OSS developers, depending on which assumptions turn out to be correct, but suggesting that it would lead to an order of magnitude increase is surely premature
The US is continuing to worsen in performance on meaures of small business entrepreneurship in essentially all industries in the US, software and software adjacent industries are no different especially if you don’t get distracted by the AI bubble inflating that value of a bunch of illusions claiming to be businesses.
It is easy to see how the inability of the average person to try a new idea, or risk taking on a project that may not pay off immediately translates directly to a lack of available developers for open source software projects.
The impact of Universal Healthcare would be huge for open source development in the US, the amount of programmers that would be pushed over the line from “just making ends meet while having a work life balance” to “ok maybe I could devote some time to open source development”.
Don’t get me wrong though, I think we need to normalize straight up paying developers for Open Source Development. Just because it is open source doesn’t mean it doesn’t take labor, that is not the argument I am making.
https://www.commonwealthfund.org/publications/issue-briefs/2018/oct/affordable-care-act-impact-small-business
https://github.com/rclone/rclone
https://github.com/restic/restic
https://github.com/bcpierce00/unison
https://syncthing.net/
The thing with old, critical software is that after some time people don’t really want to dig through decades of C code and prefer to write something new using modern tools. Those projects get plenty of support because people actually do want to work on them. If no one wants to work on rsync than what the maintainer is doing now is just prolong it’s agony a couple of years. I would say he should do the minimum work, announce end of life date and move on. People that need tools like rsync will develop something.
Also, having critical software depend on one guy is not safe. We should avoid that. If critical software depends on one guy it should be phased out.
Here are the percent of commits from the top committer in each repository you mentioned, as well as rsync, over the last 3 months:
As you can see, each of this projects depends heavily on a single person, though to a lesser degree than rsync. That’s just the nature of most open-source software.
Note that I excluded dependabot commits from the calculations and counted Claude commits as the lead developer for rsync
How I imagine this:
For example, I’m about to setup some syncing for my homelab and I will not use rsync for that. That’s why talking about the state of rsync is important. As I said, it’s not about attacking the dev for not working hard enough. It’s about long term planning.
I remember when the maintainer for discord.py stepped down. He eventually stepped back in because no one wanted took over the project and he didn’t want to see it die. This was before the current AI era, all someone had to do was continue to develop it.
I think almost everyone will do step 2 and 3 but not step 4.
The fact that open source exist and functions so well for decades shows that people do step 4. If no one wants to step in it usually means the project is not important.
I think what you’re missing is that the number of people doing step 4 has been going downhill steadily since the 2000s. People start open source projects yes, which for 99% of them don’t bring in any users and barely get maintained over the long run, but the pool of people willing to contribute to large established projects is so small it is becoming problematic.
Even Wikipedia is having its own editor crisis, where most of the power editors are greying out and barely anyone is stepping up to replace them.
And this is happening exactly because most people, like you, think that the free infrastructure around us is a fait accompli which doesn’t require us to personally get involved in their maintenance, and that we can even afford to scare away those that do contribute.
I do contribute time and donate money to open source project so… miss?
With less contributors simply mean we will have to be smarter about which projects we supports. In open source it’s a natural process. People support projects they actually use and need. If we can’t get enough resources to support even the most basic infrastructure then the experiment will end.
The trouble with some of those projects (e.g. unison and sun thing) is that they don’t solve the same problem, not really.
A rewrite with modern tooling would be better done if it was incremental.
He’s been asking for help but nobody took him up on it.
Is that your assumption given that they’re using AI? Because it’s not at all what I have taken away from their article.
Is “not properly maintained anymore” your interpretation of them using AI? Or what do you base that on?
The whole story started because rsync stopped working for some users. That’s “not properly maintained” in my books.
I don’t know the degree to that, but bugs do happen occasionally either way as long as there are changes. In the article, they explain why the changes are necessary. Prioritizing security over no-change-stability seems reasonable and warranted.
The author said:
So as I said, I don’t think it’s fair to scream at him to work harder. I do think it’s fair to worn people that rsync is having issues with stability. The author claims he knows what he’s doing and it’s all on purpose. You are free to trust him and ignore the whole affair. Other people may prefer to look for alternatives.